• Bypassing Wi Fi HotSpot Access Control By Session Stealing [Hacking]

    by  • June 14, 2011 • Black Hat

    Disclaimer: For educational purposes only. We DO NOT take responsibility for any harm caused by this method to anyone or any organization.

    We are using a PC with the Backtrack OS. You can also do it without installing Backtrack, but I am not going to explain how here, because if you really want to dig into some real hacking you should grab Backtrack for free here & install it on your PC.

    Hacking Scenario:

    If you are near a paid Wi-Fi network and need to connect to the internet, you have to pay per hour for any such network. To use it for free, hackers use a method called session stealing to bypass the Wi-Fi hotspot's access control. In plain words, we create a fake MAC address for our network card, and the fake one must match that of a paying user already on the network. (Don't worry, you'll understand the details as we go.)

    Session Hijacking for Wi-Fi Hotspot Hacking

    You can read our tutorial – What is Session Hijacking – for more information.

    Goal: change your MAC address to that of someone who has already paid to use the network.

    Step 1: Verify a Wi-Fi Network is Around

    Start Wireless Assistant in Backtrack and confirm there is a wireless network around. Then click “Connect” on that network. It won't let you connect, because you are not a paid user: it opens a browser and asks you to pay for usage.

    Close it.

    Step 2: Connecting Up With the Wi-Fi Network (rausb0)

    There are multiple ways to do this; the simplest would be a ping scan from Backtrack. I am demonstrating here with Airodump, which will be an additional method for you to learn.

    Open a shell or Konsole in Backtrack; now we have to put the interface into monitor mode.

    Type in ifconfig -a (hit Enter).

    You'll see a list of network interfaces. I see “rausb0” in my list, which is the one I want to use, so type the following and hit Enter again.

    ifconfig rausb0 up

    Now your interface is up, and we have to put it into monitor mode, so type the following.

    iwconfig rausb0 mode monitor (Hit Enter)

    iwconfig (Enter again)

    So now we are in monitor mode. Next we have to start Airodump.

    Step 3: Start Airodump

    In the same shell type in

    airo (Enter)

    Then type:

    airodump-ng rausb0 (and guess what – Enter again)

    Now we will see the SSIDs of all the networks around. We have to find the MAC address of a user who is already on the network.

    Step 4: Capturing the MAC Address of a Connected User (for Spoofing)

    You'll see a list of SSIDs around you. At the end of each line you have to find the name of the Wi-Fi access point, e.g. you'll find attwifi if you are on the AT&T Wi-Fi network, as shown in the following image.

    [Image: MAC Address Session Stealing]

    Copy the MAC address corresponding to that Wi-Fi network and use it in the following command.

    airodump-ng --bssid xx:xx:xx:xx:xx:xx rausb0 (replace xx with the copied MAC address & hit Enter)

    It will now open the rausb0 interface and take some time to pick up network traffic. Then you'll see some stations with their packet data flow information. To be safe, pick a station that has more data packets flowing (like more than 30-40).

    Copy the MAC address of this station.

    Now that you have chosen the address to use as your own MAC address, you have to put the interface back into managed mode from monitor mode.

    If you have a USB dongle plugged in, simply unplug it, change the MAC address and plug it back in again. If you are not using a USB dongle, type the following and hit Enter again.

    ifconfig rausb0 down

    Step 5: Changing the MAC Address

    In your shell, type in mac and hit Enter to change the MAC address.

    macchanger -m xx:xx:xx:xx:xx:xx rausb0 (replace xx with the copied MAC address & hit Enter)

    Now you'll see the current MAC address and the fake MAC address.


    Now plug the USB dongle you took out a few minutes ago back in. Or, if you used the command to put your interface down, use the following command to bring it back up.

    ifconfig rausb0 up

    Now your MAC address has been changed successfully; you can check by typing ifconfig in the console.

    Step 6: Connecting to the Hacked Wi-Fi Network

    Now you are done bypassing the Wi-Fi hotspot's access control using session stealing, and you can connect to the hotspot as follows.

    1. Open Wireless Assistant.
    2. Select the network.
    3. Hit Connect.

    And you're done!
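    Seen from the hotspot gateway's side, the cloned-MAC session described above leaves a trace: one MAC address suddenly carries two client identities (a second DHCP hostname, a second IP lease). The following detection script is an added example, not part of the original post or of Backtrack; it assumes a constructed gateway log format and flags MACs that show up with more than one hostname or IP.

```python
import re
from collections import defaultdict

# Constructed sample gateway log (not from any real hotspot). Each line records
# a client association seen by the captive-portal gateway: the MAC, the
# DHCP-assigned IP and the DHCP hostname the client announced.
SAMPLE_LOG = """\
2011-06-14T09:58:10 assoc mac=00:1a:2b:3c:4d:5e ip=10.0.0.12 host=anns-laptop
2011-06-14T09:59:42 assoc mac=00:1a:2b:3c:4d:5f ip=10.0.0.13 host=bobs-phone
2011-06-14T10:14:03 assoc mac=00:1a:2b:3c:4d:5e ip=10.0.0.12 host=anns-laptop
2011-06-14T10:22:51 assoc mac=00:1a:2b:3c:4d:5e ip=10.0.0.27 host=bt4-box
2011-06-14T10:23:04 assoc mac=00:1a:2b:3c:4d:5e ip=10.0.0.12 host=anns-laptop
"""

# Assumed log format (hypothetical): "<ts> assoc mac=<mac> ip=<ip> host=<host>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) assoc mac=(?P<mac>[0-9a-f:]{17}) ip=(?P<ip>\S+) host=(?P<host>\S+)$"
)


def parse_log(text):
    """Parse gateway log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def find_spoofed_macs(events):
    """Return {mac: set(reasons)} for MACs whose identity attributes change.

    A paying client's MAC normally keeps one IP lease and one DHCP hostname
    for the life of its session. A second hostname or a second IP on the
    same MAC is what a cloned-MAC session looks like from the gateway side.
    """
    hosts, ips = defaultdict(set), defaultdict(set)
    for ev in events:
        hosts[ev["mac"]].add(ev["host"])
        ips[ev["mac"]].add(ev["ip"])
    findings = {}
    for mac in hosts:
        reasons = set()
        if len(hosts[mac]) > 1:
            reasons.add("multiple DHCP hostnames: " + ", ".join(sorted(hosts[mac])))
        if len(ips[mac]) > 1:
            reasons.add("multiple IP leases: " + ", ".join(sorted(ips[mac])))
        if reasons:
            findings[mac] = reasons
    return findings


if __name__ == "__main__":
    for mac, reasons in find_spoofed_macs(parse_log(SAMPLE_LOG)).items():
        print(mac, "->", "; ".join(sorted(reasons)))
```

    The underlying mitigation is the same one the finding points at: a captive portal that binds a paid session to nothing more than a MAC address cannot tell two stations sharing that MAC apart, so the gateway should also watch for the IP and hostname churn this script flags.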

    You can thank me, give suggestions or ask any question in the comments section below.

    About

    The author is a tech blogger who loves to share his work on the web by writing guides for ethical hacking students and security professionals. He performs various types of hacking, from pen testing to smartphone hacking, and enjoys hacking purely for personal research. He works with 'grey as well as black hat' hackers to learn advanced hacking and defensive techniques and shares them with learners. His prime area of research is cyber criminals, and he is currently working on a video product to teach hacking and pen testing to absolute beginners.

    http://www.hackersenigma.com